Visa and Mastercard are currently alerting banks across the country about a data breach by one of its US-based credit card processors, Global Payments. Global Payments has released a statement (and a support website) that it identified unauthorized access into its processing system and 1,500,000 credit card numbers may have been affected. The breach affected Track 2 data such as personal account numbers, expiration dates and security codes; cardholder names, addresses and Social Security Numbers were not affected.
As with all breaches, there is always a fallout that isn't necessarily tied to the costs of containing the breach. Following the breach, Visa has dropped Global Payments from its registry of providers that meet security standards - though the company continues to process Visa payments, it may give other partners pause about security measures. CNN reports that Global Payments stock fell almost immediately after the announcement of the breach.
The lost of trust in the brand will have lasting damage as a result of this breach, and such damage can happen to any company that experiences a data breach.
This particular breach is refuelling the discussion on current Payment Card Industry Data Security Standards (PCI-DSS), which many believe to be inadequate. As has always been our advice, no matter the industry, consider industry standards and compliance requirements a base for your IT security planning, just one aspect of your layered approach to security, and you will be better prepared to mitigate the ever-present and changing risks affecting businesses today.